Your data was in a breach: a calm, complete action plan
Learned your data was exposed in a breach? Here is a calm, complete action plan: what to change first, how to limit the damage, and how to protect yourself going forward.
24 March 2026
Data breaches have become a fact of digital life. Sooner or later, a service you use will be breached and some of your information exposed. It is unsettling, but panic is unnecessary — what matters is taking the right steps in the right order. Here is a complete, calm action plan for when your data turns up in a breach.
First, understand what was exposed
Not all breaches are equal. The right response depends on what leaked:
- Just an email address? Annoying but low-risk on its own; expect more spam and phishing.
- Email and password? Serious — especially if you reused that password elsewhere.
- Financial details? Urgent; involves your bank and card.
- Identity documents or government IDs? High-risk for identity theft, requiring extra monitoring.
Breach notifications usually state what was exposed. Read carefully so your response matches the actual risk.
Step 1: change the affected password — and its twins
Change your password on the breached service immediately. Then, crucially, change it anywhere you reused it. Attackers take leaked email-and-password pairs and try them across other sites, so a single reused password turns one breach into many compromised accounts. If this feels overwhelming, it is the clearest argument for adopting a password manager so reuse never happens again.
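An added example, not part of the original article: a short Python script that finds the "twins" of a breached password in a password manager CSV export, so you know exactly which other accounts need a new password. The export text is constructed sample data, and the column names (name, url, username, password) are assumptions; adjust them to your manager's format.

```python
import csv
import hashlib
import hmac
import io
import secrets
from collections import defaultdict

# Constructed sample export. The column names are an assumption:
# adjust them to match your password manager's CSV layout.
SAMPLE_EXPORT = """name,url,username,password
ShopExample,https://shop.example,ana@example.com,Winter2024!
MailExample,https://mail.example,ana@example.com,Winter2024!
ForumExample,https://forum.example,ana,Winter2024!
BankExample,https://bank.example,ana@example.com,k7#Vq9-unique
"""

def _fingerprint(password, key):
    # Keyed digest with a per-run random key: entries can be grouped
    # without keeping plaintext passwords as dictionary keys.
    return hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()

def reuse_clusters(export_text):
    """Group entry names by identical password; keep groups of two or more."""
    key = secrets.token_bytes(32)
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        if row.get("password"):
            groups[_fingerprint(row["password"], key)].append(row["name"])
    return [sorted(names) for names in groups.values() if len(names) > 1]

def twins_of(export_text, breached_name):
    """Return the entries that share a password with the breached entry."""
    for cluster in reuse_clusters(export_text):
        if breached_name in cluster:
            return [name for name in cluster if name != breached_name]
    return []

if __name__ == "__main__":
    # Never prints a password, only the names of accounts to update.
    for name in twins_of(SAMPLE_EXPORT, "ShopExample"):
        print("also change:", name)
```

Delete the plaintext export file as soon as the audit is done, since it contains every stored password.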
Step 2: enable two-factor authentication
Turn on two-factor authentication (2FA) on the breached account and your other important accounts. Even if your password is now circulating, 2FA blocks access without the second factor. Prioritise your email account, which can reset everything else.
Step 3: watch for targeted phishing
After a breach, expect a rise in phishing that uses the leaked details to seem credible — emails that know your name, reference the breached service, or quote real information about you. Be especially sceptical of messages claiming to be "about the breach" and urging you to click or log in. Scan any suspicious links with a URL scanner rather than trusting them.
Step 4: handle financial exposure
If payment details were exposed:
- Contact your bank or card issuer to flag the risk and consider a replacement card.
- Monitor your statements closely for unauthorised transactions and dispute any promptly.
- Watch for small "test" charges, which fraudsters use to verify a card before larger ones.
Step 5: guard against identity theft
If sensitive identity information was exposed, take longer-term precautions: monitor your credit and financial accounts for activity you did not initiate, consider a credit freeze or fraud alert if available in your region, and be alert to accounts or services opened in your name. Identity misuse can surface months after a breach, so sustained vigilance matters.
Step 6: proactively check whether you are affected
You do not have to wait to be notified. Reputable breach-notification services let you check whether your email appears in known breaches, and many password managers and browsers now alert you automatically when a stored credential is exposed. Setting these up means you find out early — when quick action does the most good.
Turning a breach into better habits
A breach is a prompt to fix the underlying weaknesses that made it costly. If reuse forced you to change a password in ten places, adopt a password manager. If you lacked 2FA, turn it on everywhere. If you were caught off guard, set up breach alerts. The breach itself was outside your control — the service was compromised, not you — but how exposed you are to the next one is very much in your hands. Each breach handled well leaves you more resilient for the future.
Breaches feel violating because they are, but they are survivable and increasingly routine. A clear plan, executed calmly, limits the damage of almost any breach — and the habits you build in response make you a smaller target going forward.
Frequently asked questions
What should I do first after a data breach?
Change the affected password immediately, and change it anywhere you reused it. Then enable two-factor authentication on that account and your other important ones, starting with email.
How do I know if my data was breached?
Reputable breach-notification services let you check your email against known breaches, and many password managers and browsers now alert you automatically when a credential is exposed.
Can I do anything if my identity details leaked?
Yes — monitor your credit and accounts, consider a credit freeze or fraud alert where available, and stay alert for accounts opened in your name, since misuse can surface months later.